Data collector threatens scribe who reported breach

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2009/12/15/lookout_services_security_breach/

Data collector threatens scribe who reported breach
Shoot the messenger, Texas-style
By Dan Goodin in San Francisco  Get more from this author
Posted in ID, 15th December 2009 23:33 GMT

A Texas company is threatening to press criminal and civil charges against 
a Minnesota Public Radio reporter after she uncovered a security lapse 
that exposed sensitive data for at least 500 people.

Bellaire, Texas-based Lookout Services admits that misconfigurations on 
its website left databases containing names, dates of birth, and social 
security numbers accessible to unauthorized individuals. But the company, 
which verifies the identities of new employees, says MPR and its reporter, 
Sasha Aslanian, violated criminal statutes when she viewed databases 
belonging to five of Lookout's customers.

"They breached the security of the database without authorization, which 
is a serious offense," Gregory Abbott, a Minneapolis attorney representing 
Lookout, told The Register. "There's both criminal and civil liability 
attached to that. I would anticipate litigation."

Lookout has already sued the state of Minnesota because one of its 
employees allegedly leaked details of the vulnerability after learning of 
it at a company-sponsored webinar.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php